[00:16.770 --> 00:24.610]  So, I'd like to start off with... it's a great honor to be here. I've spoken many times at
[00:24.610 --> 00:29.850]  DEF CON, and it is a double honor to be speaking in a country that I love to visit and love
[00:29.850 --> 00:38.030]  to be here, and also at DEF CON. So, thank you for that. One thing to talk about when
[00:38.030 --> 00:46.670]  I'm... how I came up with this talk. I gave a talk at DEF CON 22 called Around the World
[00:46.670 --> 00:53.430]  and 80 Cons. And basically, that was a talk based on hacking culture. It's like what hackers
[00:53.430 --> 01:00.270]  are and how we're perceived. And it was really well received in the community, and also
[01:00.270 --> 01:05.390]  in the Chinese community. There was... it's actually translated and it's on your video
[01:05.390 --> 01:12.510]  websites as well. You can watch that talk and see it, and it's subtitled into Chinese.
[01:12.510 --> 01:18.210]  And people came up to me afterwards when I've come to Beijing and Shanghai, and they've
[01:18.210 --> 01:24.270]  said, like, I really appreciate that talk. So, I thought it was just natural to do a
[01:24.270 --> 01:31.830]  talk similar to that, but different, but targeted for here. And if you'll notice, we have a
[01:31.830 --> 01:38.230]  problem. And just like through the whole DEF CON, what you've heard are talks of people
[01:38.230 --> 01:43.990]  talking about problems and hopefully finding a solution for that. My talk is no exception.
[01:43.990 --> 01:49.910]  But my talk is about people and our perceptions and our culture. Because if you'll notice,
[01:49.910 --> 01:56.890]  there is a bad problem. Because you see here, when I searched in Google, I see the word
[01:56.890 --> 02:04.170]  hacker and look how negative all the images are. Look how scary that looks. That's frightening.
[02:04.710 --> 02:09.990]  It's like if I would have used Baidu, maybe I would have gotten better images. But I don't
[02:09.990 --> 02:17.230]  know. But these are very scary, negative connotations of the word hacker. Which is not the
[02:17.230 --> 02:22.350]  way it's supposed to be. And the reason why I titled it dark visitor devalued ally is
[02:22.350 --> 02:28.450]  because in China, it's like, in the language, dark visitor translates to hacker. That's
[02:28.450 --> 02:32.970]  what we're using the word. We're using hacker to just automatically mean dark visitor. Like,
[02:32.970 --> 02:39.910]  that is something negative. Which it should not be. So, a little bit more about me. Always
[02:39.910 --> 02:45.290]  do it like, I like to do a funny little intro. You may have seen me rob a bank on the TV
[02:45.290 --> 02:50.970]  show Breakthrough. You may have seen me in one of the videos. Or you may have seen me
[02:50.970 --> 02:56.190]  on the news. Most importantly, you probably have seen me inside your facility robbing
[02:56.190 --> 03:02.770]  you. Because that's what my main job is. I try to test people's security by being the
[03:02.770 --> 03:08.910]  bad guy before the bad guy is there. And these are actual, all different videos of
[03:08.910 --> 03:15.270]  me in places that I should not be. I'm very good at that. So, that's all you need to know
[03:15.270 --> 03:22.850]  about me. But, let's delve into what does it mean to be a hacker? What does it mean
[03:22.850 --> 03:29.250]  to the main culture? Well, in this day and age, it's seen as a criminal. When people
[03:29.250 --> 03:37.390]  on the news, they say a hacker stole this much money from a company. Or hackers went
[03:37.390 --> 03:45.270]  and they attacked a train system or a water plant or an energy grid. Or hackers went in
[03:45.270 --> 03:54.590]  and did those things. That's not the right way to do it. That's not true. Criminals did
[03:54.590 --> 04:03.170]  that. Criminals stole from that company using those tools that a hacker may have created
[04:03.860 --> 04:12.490]  or a methodology that a hacker uses. But it was criminals who did that. Not hackers. Not
[04:12.490 --> 04:20.570]  always hackers. I try to explain it to people that are not familiar with computers by talking
[04:20.570 --> 04:27.970]  about the analogy of the taxi driver. Do everybody here think that taxi drivers is
[04:28.350 --> 04:34.770]  a good profession? It is an honest profession. It is a profession that people can do to earn
[04:34.770 --> 04:40.250]  money for their families. It is an honorable profession to be a taxi driver. What does
[04:40.430 --> 04:50.550]  a taxi driver do? He uses his skills, his abilities, to use his equipment, which is
[04:50.570 --> 04:58.450]  the car, to drive people from one place to another for money. That's what he does. That's
[04:58.450 --> 05:08.230]  what a taxi driver does. But at the same time, a getaway driver, what does he do? For bank
[05:08.230 --> 05:14.390]  robbers, a getaway driver who helps people get away from crimes, what does he do? He
[05:14.390 --> 05:21.490]  uses his skills and his abilities to use his equipment in a way to get people from one
[05:21.490 --> 05:31.570]  place to another for money. Correct? So everybody, these two people are exactly alike. So when
[05:31.570 --> 05:37.770]  I talk about taxi drivers, I'm basically talking about getaway drivers too. And we should all
[05:37.770 --> 05:44.390]  look at taxi drivers suspiciously, because they also may be getaway drivers. You know,
[05:44.390 --> 05:48.050]  have you ever gotten in a cab wondering, like, I hope he's not going to a robbery. It's like,
[05:48.050 --> 05:52.250]  I hope he's not, he's not going to, he's not already just gotten off of a robbery and we
[05:52.250 --> 05:59.430]  can stop by. But you don't think those things, because you don't equate a taxi driver with
[05:59.430 --> 06:06.790]  the getaway driver. So why do we actually equate hackers automatically with criminals?
[06:08.190 --> 06:13.910]  That's not the way it should be. And it didn't used to always be that way. It used to be
[06:13.910 --> 06:21.490]  when you talk hackers, you're talking about artists, you're talking about creators, inventors,
[06:21.490 --> 06:28.010]  because at the very heart of it, hacking is looking at the world from a different perspective,
[06:28.010 --> 06:34.670]  is trying to change things for the better. That is what hacking is about. I'm not going
[06:34.670 --> 06:40.290]  to bangle the language. It's like I have too much respect for it to try to pronounce
[06:40.290 --> 06:46.330]  the names. So I will point to, like, our first one here. This is the inventor of the modern
[06:46.330 --> 06:51.550]  day version of paper. All the programs that you have, all the papers that you've been
[06:51.550 --> 06:58.170]  reading are based on what this gentleman has created. That was a hacker. He looked at what
[06:58.170 --> 07:04.070]  the paper was back in that time and he said, we can do this better. We can add some more
[07:04.070 --> 07:09.610]  compounds. We can experiment, find out what are the better compounds to make paper more
[07:09.610 --> 07:17.090]  reliable. And that's why we have paper because of him. And he's from China. Right here, it's
[07:17.090 --> 07:24.810]  like the magnetic needle compass from China. That was an inventor. That was a creator.
[07:24.810 --> 07:31.270]  That was a hacker who did that. A hacker made that happen. It's like, I don't know how he
[07:31.270 --> 07:35.810]  decided to make the compass. It's like, how do you get the first idea? I wonder if I put
[07:36.070 --> 07:41.050]  a magnet and some water and see if I can tell the direction. But it worked. So I'm happy
[07:41.050 --> 07:46.690]  with the results, even though I don't know how it operates. And also the professor here
[07:47.870 --> 07:52.870]  helped create fiber optics. One of the main reasons why we're able to communicate, the
[07:52.870 --> 07:58.570]  reason why we have the internet, the reason why we have a global community is based off
[07:58.570 --> 08:05.790]  of his work. And he's a hacker. When you look at something and you try to make it better,
[08:05.790 --> 08:11.390]  you try to change something, when everybody in the world tells you, this is the way we
[08:11.390 --> 08:20.550]  always do it. This is the way it's always been. And you say, really? How about if we
[08:20.550 --> 08:28.550]  do it this way? That's hacking. We were all born hackers. Trust me, we all were born hackers.
[08:28.570 --> 08:34.850]  Everybody remembers being a kid, trying to get away with something or building something.
[08:34.970 --> 08:39.310]  And Dan Kaminsky, I just heard him say a really great thing that I'm going to steal from him,
[08:39.310 --> 08:46.230]  but give him credit, where he said, one of the main things that a child does is ask why.
[08:47.430 --> 08:53.110]  That's universal, I'm sure. You all have children, and one of the main things they learn to say
[08:53.110 --> 08:59.410]  when they're little is why. Well, it's because of this. Why? Well, it's because of this.
[08:59.410 --> 09:05.410]  Why? It's because of this. Why? It's like, and we have to answer those questions, if
[09:05.410 --> 09:11.970]  we're hopeful, if we do that, because that's hackers. That curiosity, that wanting to know
[09:11.970 --> 09:17.290]  how things work, that's not just settling for the main answer that you give, but wants
[09:17.290 --> 09:22.390]  to delve deeper and find out the main reason. That's what it means to be a hacker.
[09:24.270 --> 09:29.110]  Another thing, it's like some other hackers that are also even more famous, because in
[09:29.110 --> 09:35.930]  the security, we always joke about people who use too many Sun Tzu quotes. And the reason
[09:35.930 --> 09:41.550]  why is because there's a lot of great Sun Tzu quotes. I was in the Brazilian airport
[09:41.550 --> 09:50.390]  just a few, like a month ago, and there was a Portuguese language book of Sun Tzu, The
[09:50.390 --> 09:56.530]  Art of War, because it is still to this day used for strategy thinking. It is used for
[09:56.530 --> 10:01.570]  businesses. It's like because of the things that can be translated. This is hundreds and
[10:01.570 --> 10:07.910]  hundreds of years old, but he revolutionized the way we conducted warfare and was able
[10:07.910 --> 10:13.590]  to translate that into business. That's a hacker. He took what everybody said, this
[10:13.590 --> 10:19.690]  is the way you're supposed to do it, and he was like, no, let's try it this way. And that's
[10:19.690 --> 10:22.910]  one of the key things. It's like you have to be able to do that. You have to be able
[10:22.910 --> 10:29.090]  to think outside the box. Sun Bin also is one of that, created another book, The Art
[10:29.090 --> 10:34.510]  of War, took the work from Sun Tzu and worked with it and actually added to it and expanded
[10:34.510 --> 10:39.090]  the knowledge base, which was an amazing thing at that time. It's like to actually say,
[10:39.090 --> 10:43.990]  like, let's try to go forth. And it is still a work that it's like well-respected to this
[10:43.990 --> 10:52.810]  day. The 36 Stratagems. My first company that I founded was actually based on Stratagem
[10:52.810 --> 10:58.890]  One. Stratagem One is to cross the sea by folding the sky. In other words, a familiar
[10:58.890 --> 11:05.010]  site provokes no notice. And basically that's what I do. I walk into someplace and look like
[11:05.010 --> 11:11.070]  I'm supposed to be there when I'm not supposed to be there, and I break things. I use Stratagem
[11:11.070 --> 11:17.270]  One very often. And I also use Stratagem 36 sometimes when I get caught. If you don't
[11:17.270 --> 11:24.070]  know what Stratagem 36 is, Stratagem 36 is run away. So I use that quite often too sometimes.
[11:24.070 --> 11:33.070]  So I actually have that book right there signed by Gaoyan, which is one of my favorite books.
[11:33.170 --> 11:40.190]  So there is a lot of resources that come from China. There's a lot of innovation
[11:40.950 --> 11:47.570]  that comes from China. There's a lot of hackers that come from China. You just don't normally
[11:47.570 --> 11:53.670]  label them that way. Instead, you call them entrepreneurs, or you call them inventors,
[11:53.670 --> 11:59.330]  or you call them creators. But in actuality, what they're doing is hacking the process.
[11:59.330 --> 12:03.110]  They're actually innovating. They're coming up with something new and trying to make something
[12:03.110 --> 12:09.490]  happen. And that's an important thing. So when we talk about hackers, that's one thing. Okay,
[12:09.490 --> 12:14.910]  because people tell us, yeah, Jason, but are you a white hat hacker or a black hat hacker?
[12:14.910 --> 12:20.950]  Are you a gray hat hacker or purple hat or green? I don't know. Just whatever hat hacker, right?
[12:20.950 --> 12:26.750]  And unfortunately, my head's too big to actually wear hats. So I always tell them I'm a no hat
[12:26.750 --> 12:35.110]  hacker. Because that's the way it should be. Because when you go to a banker, and if you look
[12:35.110 --> 12:41.590]  at all these stories, these are all bankers that committed crime. All these bankers committed
[12:41.590 --> 12:49.010]  embezzlement. All these bankers committed fraud. So why don't we have black hat bankers?
[12:49.690 --> 12:55.490]  Why isn't there a black hat banker? Why don't I go to my bank? And when I'm trying to get a
[12:55.490 --> 13:01.910]  loan from the company, do I tell the bankers like, well, you're a white hat banker, aren't you?
[13:01.910 --> 13:06.090]  Because I don't want a black hat banker working with my funds. I want a white hat
[13:06.090 --> 13:12.430]  banker. They would look at you silly, like, what do you mean? Well, that's the way I look at hacking.
[13:12.990 --> 13:20.550]  There is no hat. You're either a hacker, or you're a criminal or they are sometimes you can be a
[13:20.550 --> 13:26.890]  hacker that is a criminal. But there's a there's no such thing as making hacker equated with the
[13:26.890 --> 13:36.390]  crime. If I know how to create a gun, and I create and build guns, and someone else then takes that
[13:36.390 --> 13:43.430]  gun, and then commits a crime with it, does that make them a gunsmith? Do they know how to build a
[13:43.430 --> 13:48.290]  gun? Do they know how to create that gun and make the bullets or anything like that? No, they're
[13:48.490 --> 13:56.030]  using a tool to commit a crime. Back in the ancient days, people got robbed, people got
[13:56.030 --> 14:01.910]  stuff stolen from them by someone with a sword. Someone had a sword and said, give me all your
[14:01.910 --> 14:08.250]  money. Because that was a better way to commit a crime. Because before they only had stones.
[14:08.370 --> 14:13.790]  But now they have swords. So give me your money. Well, then bows and arrows came around,
[14:13.790 --> 14:21.370]  which were way better at you to use to commit crimes. And so the robbers started using bows
[14:21.370 --> 14:27.730]  and arrows saying, okay, give me your give me your money. It's like then guess what happened
[14:27.730 --> 14:32.810]  crossbows came over. And now people started committing crimes with crossbows.
[14:32.990 --> 14:37.050]  And then people started committing crimes with guns.
[14:37.710 --> 14:44.510]  Then several, you know, decades ago, people started committing crimes with computers.
[14:45.570 --> 14:51.830]  Just because the means of crime, or the means of tools for the crime have changed,
[14:51.830 --> 14:57.890]  doesn't make them anything more special. They're just criminals. They did not buy,
[14:57.890 --> 15:02.990]  they did not create the hacking methods. They don't usually create the hacking tools.
[15:02.990 --> 15:09.610]  They download them off the internet, usually for free. They watch a video trying to how to use it.
[15:09.610 --> 15:15.630]  And then they execute the crime. That doesn't make them hackers. That makes them someone who
[15:15.630 --> 15:20.570]  knows how to follow the instructions. It's like, so that's one of the things that you have to
[15:20.570 --> 15:25.970]  understand. It's like when you talk about that, so there's no black hat hackers. It's like there's
[15:25.970 --> 15:30.910]  no black hat, there's no white hat. There's just people who are trying to make things better.
[15:30.910 --> 15:37.610]  People who are trying to discover vulnerabilities and improve society. And then people who exploit
[15:37.610 --> 15:45.330]  those knowledge for crime. And those are the ones that are the criminals. Because hackers provide a
[15:45.330 --> 15:51.450]  valuable service to society by discovering vulnerabilities and reporting them. Basically what
[15:51.450 --> 15:59.990]  that means is there has not been one major vulnerability that has come out that was created
[16:00.470 --> 16:07.810]  by a hacker. Hackers do not create these vulnerabilities. They do not create these
[16:07.810 --> 16:14.830]  defects in the software or the hardware. They do not make those vulnerabilities. What they do is
[16:14.830 --> 16:23.550]  they discover them. That vulnerability is always there. It was already there when it was made.
[16:23.730 --> 16:30.710]  No one knew about it. It was always there, but someone who was searching, someone who was looking
[16:30.710 --> 16:39.450]  to make things better, discovered it. And that's the important part. I'm going to actually talk
[16:39.450 --> 16:46.930]  about Dan once again. Because Dan Kaminsky, several years ago, there was a huge vulnerability
[16:46.930 --> 16:53.130]  in our internet that affected the world. It affected the world. It could have effectively
[16:53.130 --> 17:00.690]  taken down the internet as we know it today. Dan Kaminsky discovered this flaw. He saw that this
[17:00.690 --> 17:12.750]  flaw was bad. Did he profit off of it? Did he try to exploit it? No. What did he do? He reported it.
[17:12.750 --> 17:17.930]  He coordinated with the help of others. And he got several other people and other groups and
[17:17.930 --> 17:25.230]  other companies involved to work together, silently, in secret, so it wouldn't become
[17:25.230 --> 17:33.210]  public and be damaging. And he coordinated this whole discovery so it could be patched and fixed.
[17:33.430 --> 17:39.930]  And that's the reason why the internet was still working. It was because he found a problem that
[17:39.930 --> 17:47.970]  was already there, just not discovered. And he made it public the responsible way by working
[17:47.970 --> 17:55.170]  with the people to help fix the problem. Does that sound like a criminal? But he's a hacker.
[17:56.190 --> 18:03.130]  Is that something that a hacker would do? And the answer is yes. That's exactly what a hacker would do.
[18:03.130 --> 18:10.950]  We're here to make things better. This last two days of DEF CON, you should have seen that by now.
[18:10.950 --> 18:14.250]  It's like that we were actually trying to make things better. We're trying to come up with
[18:14.250 --> 18:19.910]  solutions and we'll talk about vulnerabilities, but at the same time we also talk about how to fix them.
[18:20.770 --> 18:27.330]  The best thing though that's been going on is that we now have Blue Armies. We actually have now
[18:27.910 --> 18:34.890]  places where you can actually report those bugs, report those vulnerabilities to companies,
[18:34.890 --> 18:41.810]  and you actually get money for it. That's actually pretty cool. It's like, so now, instead of just
[18:41.810 --> 18:49.410]  being seen as an outsider, as a possible criminal, it's like we're actually helping
[18:49.410 --> 18:57.590]  make software and companies more secure by actually developing a resource to actually
[18:57.590 --> 19:03.610]  have those discoveries reported responsibly to the company. There are several companies,
[19:03.610 --> 19:07.910]  I have to apologize, I know there are some Chinese companies that I'm not familiar with.
[19:07.910 --> 19:14.290]  Here are some of the western ones that you can contact and get bounties for. And they will contact
[19:14.290 --> 19:20.830]  you and they will work with you and help you responsibly disclose those vulnerabilities. And
[19:20.830 --> 19:26.790]  this is an important service that is provided. It's like not just for the hackers that are getting
[19:26.790 --> 19:33.050]  money, but more importantly, it's helping the companies that are trying to respond. It's like
[19:33.050 --> 19:38.230]  they're trying to make their products safer. They're trying to make their customers more secure.
[19:38.230 --> 19:45.430]  This is what it's used for. It's like it is not a barter exchange. It's not some kind of dark web,
[19:45.430 --> 19:50.370]  you know, secret place where they're trying to sell and exchange vulnerabilities for money
[19:50.370 --> 19:56.710]  to exploit and damage those companies. It is actually used to actually help and better those
[19:56.710 --> 20:02.750]  companies. And that's one of the key things. You also have companies that have realized,
[20:02.750 --> 20:07.930]  they have come together and they've realized we need better security. So they are reaching out
[20:07.930 --> 20:15.170]  directly to the communities. And I have been at several conferences here where Microsoft or Apple
[20:15.170 --> 20:20.650]  have been here and have interacted with the local hackers to actually work with them to help
[20:20.650 --> 20:28.170]  discover vulnerabilities. It's like not everybody is on board with creating these vulnerability
[20:28.170 --> 20:33.490]  programs. I think they should. And I just put Cisco there because, you know, we all like to
[20:33.490 --> 20:40.470]  pick on Cisco. So there should be more involvement with more major companies. It's like who are
[20:40.470 --> 20:45.610]  dealing with these kind of security vulnerabilities. They should have a way for it to be reported to
[20:45.610 --> 20:51.430]  them in a responsible manner and reward the person who discovers it. That is a key thing.
[20:52.750 --> 20:57.590]  Now, I want to take a moment because I want to talk about what hackers mean.
[20:57.590 --> 21:02.670]  It's like now I want to talk a little bit more locally about the local culture here and
[21:04.210 --> 21:11.010]  the history of how I got here and how DEF CON groups in the global community and how we're
[21:11.010 --> 21:18.990]  working. And I'd like to start with a story. I did not get my passport until 10 years ago.
[21:19.730 --> 21:27.270]  I will not say how old I am, but let's say I was middle-aged when I first actually got a passport.
[21:27.270 --> 21:35.070]  And the very first country I went to was China. It's like it was in November of 2008
[21:35.890 --> 21:42.410]  and it was right after the Olympics. EXCON had changed their schedule from being in the August
[21:42.410 --> 21:47.430]  to being in November because of the Olympics. And so I was like, and I was doing research
[21:47.990 --> 21:53.770]  on hackers around the world and what they're like. And I was like, you know what? There's a problem
[21:53.770 --> 22:00.530]  in the West where people like to talk about what it means to be a hacker in China or what
[22:00.530 --> 22:07.710]  hacking in China is like without ever have gone to China, without ever seeing it. We get all these
[22:07.710 --> 22:14.550]  perceptions of what it's supposed to be like. And I told myself, I'm not going to be that person.
[22:14.550 --> 22:20.650]  I'm a hacker. I want to find the truth and I want to find it on my own. So I literally,
[22:20.650 --> 22:27.830]  within like two months, I got a passport for the first time and I got a ticket, got a hotel and I
[22:27.830 --> 22:35.490]  flew to China. Well, my first day in Beijing, 11 o'clock at night, I figured out that you're not
[22:35.490 --> 22:39.470]  supposed to go into the cabs where the guy comes and tells you and walks you into the parking lot.
[22:39.470 --> 22:46.530]  That's not the best way to get to your hotel. And I'm sitting in my hotel and I'm scared.
[22:47.550 --> 22:52.830]  And I am, and I'm being honest, I was scared. It's like I had not been scared in a very long time.
[22:52.830 --> 22:57.910]  I used to be homeless. I used to live behind a dumpster. I'm a high school dropout. I was, I'm,
[22:57.910 --> 23:03.210]  and it's been a very long time since I've actually felt frightened, but I was because I didn't know.
[23:03.210 --> 23:08.010]  I said, what are you doing? Why are you here? It's like, you don't know anybody. You don't know the
[23:08.010 --> 23:14.490]  language. It's like, you've heard all these stories about what it's like. It's like, why did you come
[23:14.490 --> 23:21.690]  here like this? And this is because I wanted to know. And so I woke up that morning, the next morning,
[23:22.390 --> 23:26.470]  and I went to Wangfujing. It was right off of Wangfujing is where I was staying.
[23:26.970 --> 23:33.450]  And I started seeing people. I didn't see Chinese. I started seeing people
[23:34.230 --> 23:40.570]  walking about doing their business, taking their children to school, going to work for the day.
[23:41.230 --> 23:48.470]  And I started understanding what the problem was. The problem was I was letting other people's
[23:48.470 --> 23:56.110]  perceptions and other people's fears dictate how I saw what it was supposed to be like.
[23:56.350 --> 24:02.770]  I was using other people's references to tell me this is what I should be afraid of.
[24:02.770 --> 24:08.810]  This is what it's supposed to look like. This is what you should know. As soon as I started getting
[24:08.810 --> 24:17.030]  out and looking at China, I walked for 11 hours all the way around the Forbidden City,
[24:17.030 --> 24:21.930]  the Zhejiang District, all the way back up around near Beihai Lake, in between Houhai Lake, and all
[24:21.930 --> 24:28.250]  the way back, I curved all the way back to Wangfujing. 11 hours I walked. It was amazing
[24:29.030 --> 24:34.050]  because I got to see people doing business. I got to see what China was like and I loved it.
[24:34.050 --> 24:38.210]  And then I went to the conference after three days, going to Great Wall,
[24:38.210 --> 24:42.090]  the Summer Palace, do all the tourist things. Summer Palace still takes my breath away. It's
[24:42.090 --> 24:47.090]  one of the most beautiful places in the world that I've ever been. I always go back to the
[24:47.090 --> 24:54.690]  Summer Palace. But I go to the conference, not knowing one, but one person. And you know what
[24:54.690 --> 25:02.510]  happened? I was greeted by Casper. And he didn't greet me as an American. He didn't greet me as a
[25:02.510 --> 25:09.790]  foreigner. He greeted me as a friend that he just met. He greeted me as a fellow hacker. I was
[25:09.790 --> 25:15.590]  instantly at ease at that conference. I may not have known the language, but I knew the people.
[25:16.170 --> 25:21.670]  I didn't know what the customs were, but I knew I was with other hackers.
[25:22.050 --> 25:27.370]  And that's what meant the most to me. And that's why I keep coming back every year. That's the
[25:27.370 --> 25:33.350]  reason why I keep visiting, because I'm at home here. It's like, because that's what Casper and
[25:33.350 --> 25:40.170]  them bring out. They actually bring out that spirit of hacker and community. And so I wanted
[25:40.170 --> 25:46.770]  to share that with everybody. So I've come more and more, and I've spoken here at several times.
[25:46.770 --> 25:53.410]  But what else I wanted to do was I wanted to, when I was asked by the Dark Tangent, Jeff Moss,
[25:53.410 --> 26:02.130]  to be the global ambassador for DEF CON groups. My first mission was to come to China,
[26:02.130 --> 26:09.190]  to come to Asia, and make sure that we got DEF CON groups involved here. Because this should be
[26:09.410 --> 26:14.230]  a global community. And that's the way I think. I think globally. I've gone to over 40 countries,
[26:14.230 --> 26:19.090]  I've never met a foreigner. It's like, we're all the same kind of people. We have different,
[26:19.090 --> 26:23.990]  you know, money, we may look different or talk different. But when it comes down to it,
[26:23.990 --> 26:30.410]  we're the same people. And so I wanted a DEF CON groups to be an actual global community,
[26:30.410 --> 26:35.030]  not just mostly in the West. And we've done a lot of things like that. We've
[26:36.590 --> 26:42.190]  expanded by leaps and bounds, with different groups everywhere. We've got a recently,
[26:42.190 --> 26:47.330]  we've got a new group in Algeria, we got a new group in Saudi Arabia, another one in South
[26:47.330 --> 26:53.650]  Africa. It's like there are several just as you saw yesterday, that are flourishing here in China.
[26:53.790 --> 26:58.270]  And that's amazing, because that's what it's about. It's a global community.
[26:58.930 --> 27:06.110]  I tell people that there's nothing worse than letting invisible lines on a map get in the way
[27:06.110 --> 27:11.850]  of making a new friend. Because when you look at the earth from space, it's like you don't see
[27:11.850 --> 27:19.790]  lines. You don't see borders. Because it's just people. And that's what global community is about.
[27:19.790 --> 27:25.170]  It's about going to a conference like this. And no matter where you're from, you have something
[27:25.170 --> 27:32.830]  in common. You're here to learn. I hope so. You're here to make something. Some people are just here
[27:32.830 --> 27:38.670]  to party, you know, it's like, especially at the DEF CON in Las Vegas. It's like, but that's fine
[27:38.670 --> 27:44.890]  because you also learn while you're there. You can't help but learn if you keep an open mind
[27:44.890 --> 27:50.110]  and you're curious. And that's what our global community should be about. It should be the
[27:50.110 --> 27:57.650]  connecting of everyone, no matter what country, in a common goal of education, of learning something
[27:57.650 --> 28:06.490]  new. Because when I look at a picture like this, I don't see businessmen. I don't see hackers.
[28:07.000 --> 28:14.710]  I don't see bankers. I don't see school teachers. I don't see Chinese. I don't see Koreans. I don't
[28:14.710 --> 28:22.710]  see Americans. I don't see Canadians or people from Paraguay. What do I see? I see people.
[28:23.350 --> 28:30.310]  Why do we put the labels on ourselves? Why do we make just saying a hacker automatically
[28:30.310 --> 28:38.810]  makes a person bad? Why do we automatically say being a banker is somebody bad? Why do we always
[28:38.810 --> 28:43.910]  say being a lawyer is bad? Because trust me, in most of every culture I've been to, there's always
[28:43.910 --> 28:49.890]  lawyer jokes. It's like everybody likes to make lawyer jokes. But it's like, but why being a
[28:49.890 --> 28:55.810]  lawyer is bad? It's like, why are we letting that label change the fact that we're dealing with
[28:55.810 --> 29:02.370]  people? We're dealing with humans. And that's the way it should be. Because there's a lot of myths
[29:02.370 --> 29:09.550]  out there. When you hear about the CTF, capture the flag, when you hear about some of the things
[29:09.550 --> 29:16.850]  that go on at conferences, they learn about how to break into Wi-Fi, or they're learning how to
[29:16.850 --> 29:24.710]  steal cars, or they're learning how to lockpick. It's like, and break into doors. Oh my gosh, that's
[29:24.710 --> 29:35.090]  scary. Right? They're learning where the flaws are in Wi-Fi. They're learning where the flaws
[29:35.090 --> 29:43.110]  are in the car. They're learning where the flaws are in the locks, so they can make them better.
[29:43.570 --> 29:50.030]  So they can make them more secure. And by making those things more secure,
[29:50.030 --> 29:58.030]  they make you more secure. They make the network more secure. The best thing that we have between
[29:58.030 --> 30:05.970]  us and criminals are hackers. Because they're the ones that are trying to strive to make things
[30:05.970 --> 30:13.330]  better, to learn where the vulnerabilities are, to learn where the flaws are, and get them fixed.
[30:14.250 --> 30:21.390]  It's like, and this conference is encapsulated to me, I think, by Confucius.
[30:21.790 --> 30:26.510]  It's like, I think he understood it. Some of the quotes that I picked out were,
[30:26.510 --> 30:33.150]  the man who asked a question is a fool for a minute. The man who does not ask is a fool for
[30:33.150 --> 30:40.990]  life. I think that's pretty true. Every truth has four corners. As a teacher, I give you one corner,
[30:40.990 --> 30:47.550]  it is for you to find the other three. Reviewing what you have learned and learning anew,
[30:47.550 --> 30:53.550]  you are fit to be a teacher. Acquire new knowledge whilst thinking over the old,
[30:53.550 --> 31:00.610]  and you may become a teacher of others. Education breeds confidence. Confidence breeds hope,
[31:00.610 --> 31:07.770]  and hope breeds peace. The ideal teacher guides his students, but does not pull them along.
[31:07.770 --> 31:11.950]  He urges them to go forward and does not suppress them. He opens the way,
[31:11.950 --> 31:18.170]  but does not take them to the place. Have you not experienced that here at DEF CON?
[31:20.030 --> 31:26.790]  That's what it's about. At the hardware hacking village, are they giving you those electronics,
[31:26.790 --> 31:31.450]  those happy jacks, and are they assembling them for you? Are they saying, here,
[31:31.450 --> 31:38.350]  buy this one and it's already finished, it's already blinking lights? No. They're giving you
[31:38.350 --> 31:43.530]  that one corner. They're giving you that one section, and then they're giving you an avenue
[31:43.530 --> 31:48.950]  to find the other three. They're showing you, they have a village there to show you how to
[31:48.950 --> 31:54.290]  solder it, to show you how the wiring works, to show you how to make it light up, to be the way
[31:54.290 --> 31:59.770]  it's supposed to be. Because that's what it's about to be at DEF CON. We can't just give you
[31:59.770 --> 32:05.430]  the answers. We can't just hold it onto a plate. You have to want to search. You want to have to
[32:05.430 --> 32:12.730]  question. You have to be curious. You have to be asking why. And that's what's a good teacher
[32:12.730 --> 32:21.150]  and is a good student. It's like someone who's always going to ask why. But also we have a
[32:21.590 --> 32:30.270]  in the reverse with perceptions. I have a problem with hackers. It's not just me having a problem
[32:30.270 --> 32:35.330]  with what I call normal people. It's like I have a problem with hackers as well sometimes.
[32:35.390 --> 32:42.290]  And one of the biggest problems is when we get upset that people think that hackers are criminals,
[32:42.290 --> 32:49.930]  people in security, people in hacking, think that executives and users are stupid.
[32:50.730 --> 32:56.430]  Or that they're dumb. Or they don't know what they're doing. Well guess what? That's just as
[32:56.430 --> 33:04.410]  wrong. We cannot meet in the middle ground unless we're both open to understanding that the person
[33:04.410 --> 33:11.310]  that we're talking to, though may be different in a different profession, still wants the best thing.
[33:11.610 --> 33:17.530]  An executive in the company that you work for wants the company to be profitable.
[33:17.530 --> 33:24.570]  They want the company to do well. You as a security researcher wants the company to do well.
[33:24.570 --> 33:30.270]  That's a common goal you can find. You may have disagreements on how to get there.
[33:30.450 --> 33:36.430]  You may not fully understand each other's methods on how you get there. But the goal
[33:36.430 --> 33:43.530]  is always the same. That's what should bind you. So when you're thinking and you're dealing with
[33:43.530 --> 33:49.830]  people who may not understand what it means to be a hacker, you don't dismiss them. You don't just
[33:49.830 --> 33:56.050]  say, well, you're an idiot. You don't understand. I don't need to waste my time with you. You teach
[33:56.050 --> 34:02.770]  them. It's like when we hear about people in the hacking community, and I get questions all the
[34:02.770 --> 34:09.410]  time, how do I become a hacker? How do I get involved in security? And I always say the same
[34:09.410 --> 34:17.270]  thing. If you ask these questions, you're already a hacker. I can't make you one. If you want more
[34:17.270 --> 34:24.830]  resources to how to get better, I can help you with that. If you need avenues on how to learn
[34:24.830 --> 34:33.070]  more, I can help you with that. But I can't make you one. You have to be one. It's like, so
[34:34.410 --> 34:39.070]  I'm going to go and say, where do we go from here? To me, this is a big question. And I love this
[34:39.410 --> 34:45.990]  path. This is the 99 Dragon Path off of Kinmen Mountains. I was there. And it's a perfect
[34:45.990 --> 34:50.710]  thing the way we're going and reaching the future. Because this is a very scary bus ride
[34:50.710 --> 34:59.850]  down the hill. I have taken it. But it's a beautiful ride. It's breathtaking. And it's awesome
[34:59.850 --> 35:06.070]  to do. But you do get a little nervous on the journey. And that's where we're at right now.
[35:06.070 --> 35:12.470]  We're starting this path down. And it's up to us to work together to make sure that it's to
[35:12.770 --> 35:19.270]  a great destination. There's nothing that we do alone. It's all together as a community.
[35:19.270 --> 35:26.150]  So I want to end it with the community. I want to end it with you by saying, let's ask questions.
